Malicious PDF — malware analysis report

Static analysis result for SHA-256 8d7703792afcc4c1…

Verdict: MALICIOUS

File type: PDF

Size: 15.1 KB
Created: 2019-06-04 10:19:23 +01:00
Authoring application: mPDF 5.7
MD5: 9660b8329a1558abbda1cc7d757ed3ae
SHA-1: 272ab0e39c5f864ce63b687e60c7eaa1d54c7f96
SHA-256: 8d7703792afcc4c180dca14c81bc528533f13627544acf3a183684cb2100df81
Risk score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file contains a large number of embedded URLs pointing to external PDF documents, as indicated by the PDF_SEO_LINK_FARM heuristic. These links are all hosted on the domain 'cefasfese.4pu.com'. While the individual linked PDFs are marked as benign, the sheer volume and the nature of the heuristic suggest a malicious intent, possibly for SEO poisoning or as a distribution vector for other malware. No scripts were extracted from this sample.

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://cefasfese.4pu.com/3732736739731733/Midwife-Beatrix-by-Valerie-Levy.pdf
    • http://cefasfese.4pu.com/1733735731738730/Midwyf-Liza-by-Valerie-Levy.pdf
    • http://cefasfese.4pu.com/3732733731738738/The-Midwife-s-Tale-Midwife-Mysteries-1-by-Sam-Thomas.pdf
    • http://cefasfese.4pu.com/9733733735734731/Die-Geschichte-von-den-Flopsy-Bunnies-illustriert-Eine-Bildergeschichte-f-r-Kinder-im-Alter-von-2-bis-6-Jahren-Beatrix-Potter-Serie-10-by-Beatrix-Potter.pdf
    • http://cefasfese.4pu.com/8732731735735733/Berna-Beatrix-Berna-Beatrix-Shows-the-Way-by-Marie-Louise-Weeks.pdf
    • http://cefasfese.4pu.com/8733731733737739/The-Beatrix-Potter-Collection-Volume-One-by-Beatrix-Potter.pdf
    • http://cefasfese.4pu.com/8733731733738738/The-Beatrix-Potter-Collection-Volume-Two-by-Beatrix-Potter.pdf
    • http://cefasfese.4pu.com/1738731730738735/A-Beatrix-Potter-Treasury-by-Beatrix-Potter.pdf
    • http://cefasfese.4pu.com/8733731733737737/A-Celebration-of-Beatrix-Potter-by-Beatrix-Potter.pdf
    • http://cefasfese.4pu.com/8733731733738737/Beatrix-Potter-A-Journal-by-Beatrix-Potter.pdf
    • http://cefasfese.4pu.com/8733731734732733/The-Big-Book-of-Beatrix-Potter-by-Beatrix-Potter.pdf
    • http://cefasfese.4pu.com/2734734735734738/The-Midwife-s-Advice-by-Gay-Courter.pdf
    • http://cefasfese.4pu.com/2733735730731739/The-Midwife-by-Jolina-Petersheim.pdf
    • http://cefasfese.4pu.com/1736737732734736/The-Popish-Midwife-by-Annelisa-Christensen.pdf
    • http://cefasfese.4pu.com/1733736739737/The-Midwife-s-Apprentice-by-Karen-Cushman.pdf
    • http://cefasfese.4pu.com/3735735732736733/Outback-Midwife-by-Beth-McRae.pdf
    • http://cefasfese.4pu.com/2739730731735/The-Midwife-39-s-Confession-by-Diane-Chamberlain.pdf
    • http://cefasfese.4pu.com/5732733737731738/The-Midwife-s-Apprentice-by-Karen-Cushman.pdf
    • http://cefasfese.4pu.com/4732736731/The-Book-of-the-Unnamed-Midwife-The-Road-to-Nowhere-1-by-Meg-Elison.pdf
    • http://cefasfese.4pu.com/5730730731738732/The-Amish-Midwife-by-Mindy-Starns-Clark.pdf